what you don't know can hurt you
Showing 1 - 10 of 10 RSS Feed

Files

Steam Browser Protocol Insecurity
Posted Oct 16, 2012
Authored by Luigi Auriemma, Donato Ferrante | Site revuln.com

In this paper the authors uncover and demonstrate a novel and interesting way to convert local bugs and features in remotely exploitable security vulnerabilities by using the well known Steam3 platform as an attack vector against remote systems.

tags | paper, remote, local, vulnerability
MD5 | 63740b046124cdac4856b7ad03a2bb70

Related Files

REVULN 19Q4 Call For Papers
Posted Aug 15, 2019
Site revuln.com

The Call For Papers has been announced for REVULN 19Q4, an international cyber-security conference taking place December 11th and 12th, 2019 in Hong Kong at the Best Western Plus Hotel Hong Kong.

tags | paper, conference
MD5 | 5898b7cbd5c5f126b61004c0c098becf
REVULN 19 Call For Papers
Posted Dec 24, 2018
Site revuln.com

REVULN 19 is an information technology security conference taking place on May 15th, 2019 in Hong Kong at the Harbour Plaza North Point Hotel.

tags | paper, conference
MD5 | cfe0efe2b6f87c7ffa0bb50667e66182
Bypass Antivirus Dynamic Analysis
Posted Aug 25, 2014
Authored by Emeric Nasi

In this paper the author describes AV methods and focuses on how to fool antivirus emulation systems. They set themselves a challenge to find half a dozen ways to bypass AV dynamic analysis by using a fully undetectable decryption stub.

tags | paper, virus
MD5 | c4de1d2cdfde42f5957a9af64bb2de38
Owning Render Farms Via NVIDIA Mental Ray
Posted Dec 10, 2013
Authored by Luigi Auriemma, Donato Ferrante

This paper details a vulnerability affecting NVIDIA mental ray, which allows an attacker to take control over a mental ray based render farm.

tags | paper
MD5 | 886ce6e4c37835eeb36b477086d12e47
Flush + Reload: A High Resolution, Low Noise, L3 Cache Side-Channel Attack
Posted Jul 26, 2013
Authored by Yuval Yarom, Katrina Falkner

Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper the authors demonstrate how to use the attack to extract private encryption keys from GnuPG. The high resolution and low noise of the Flush+Reload attack enables a spy program to recover over 98% of the bits of the private key in a single decryption or signing round. Unlike previous attacks, the attack targets the last level L3 cache. Consequently, the spy program and the victim do not need to share the execution core of the CPU. The attack is not limited to a traditional OS and can be used in a virtualised environment, where it can attack programs executing in a different VM.

tags | paper
MD5 | ad27212856fc1757a511a4724c7cc8a4
Game Engines: A 0-Day's Tale
Posted May 20, 2013
Authored by Luigi Auriemma, Donato Ferrante | Site revuln.com

This paper details several issues affecting different game engines. All the vulnerabilities discussed in this paper are 0-days, at time of writing. This paper has been released as a companion paper along with the authors' talk Exploiting Game Engines For Fun And Profit presented at the NoSuchCon conference.

tags | paper, remote, local, vulnerability
MD5 | a156b54acde9b90d5f91a8a7577cbc8c
EA Origin Insecurity
Posted Mar 18, 2013
Authored by Luigi Auriemma, Donato Ferrante | Site revuln.com

In this paper the authors uncover and demonstrate an interesting way to convert local bugs and features in remotely exploitable security vulnerabilities by using the well known EA Origin platform as an attack vector against remote systems. The attack proposed in this paper is similar to the attack targeting the Steam platform that they detailed in their previous research. The Origin attack detailed in this paper affects more than 40 million Origin users.

tags | advisory, remote, local, vulnerability
MD5 | c92b95ac5695e15bc233f966bcf7c887
Attacking Xerox's Multifunction Printers Patch Process
Posted Feb 28, 2013
Authored by Deral Heiland | Site foofus.net

Whitepaper called From Patched to Pwned - Attacking Xerox's Multifunction Printers Patch Process. In this paper the author discusses the step by step process around how to gain root level access to high end Xerox MFP devices, how the firmware signing process works, and how to protect yourself from this attack.

tags | paper, root
MD5 | ddb960cfe93ae7e0b9dd7cda29c3a455
Hiding Data In Hard-Drive's Service Areas
Posted Feb 19, 2013
Authored by Ariel Berkman | Site recover.co.il

In this paper the author demonstrates how spinning hard-drives' service areas can be used to hide data from the operating-system (or any software using the standard OS's API or the standard ATA commands to access the hard-drive). These reserved areas are used by hard-drive vendors to store modules that in turn operate the drive, and in a sense, together with the ROM, serve as the hard-drive’s internal storage and OS. By sending Vendor Specific Commands (VSCs) directly to the hard-drive, one can manipulate these areas to read and write data that are otherwise inaccessible. This should not be confused with DCO or HPA which can be easily detected, removed and accessed via standard ATA commands.

tags | paper
MD5 | 84a2861a39eb95ddeeb365c13f9e3531
Call Of Duty: Modern Warfare 3 NULL Pointer Dereference
Posted Nov 14, 2012
Authored by Luigi Auriemma, Donato Ferrante | Site revuln.com

This paper describes a pre-auth server-side NULL pointer dereference vulnerability in Call Of Duty: Modern Warfare 3, which is due to an issue related to the DemonWare6 query packets. This vulnerability can be exploited to perform Denial of Service (DoS) attacks against game servers.

tags | advisory, denial of service
MD5 | f81259fd248e1c5f858de6428a1df2bf
Page 1 of 1
Back1Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close